Hackers attack Cathay Pacific

Share this…

Zürich, Switzerland – May 14, 2015: The nose section of an Cathay Pacific Airways Boeing 777 at Zurich International Airport. Cathay Pacific is a member of the Oneworld alliance. Hong Kong International Airport is the primary hub for Cathay Pacific Airways.

Data belonging to millions of passengers is compromised

Digital forensics experts from the International Institute of Cyber Security report that one of Asia’s major airlines has just discovered that it has been the victim of a security breach because of which personal information of over 9 million users could have been stolen.

Cathay Pacific announced this Wednesday night that a wide range of data, including passenger names, birth dates, phone numbers, email addresses and passport numbers, were exposed after their information systems were hacked earlier this year.

“We regret any concern that this security incident could cause our passengers”, said Rupert Hogg, airline CEO, in a statement. The Hong Kong-based company is in the process of contacting all the people affected by data theft, he added.

This is the latest security breach that has hit a major international airline after the scandal aroused in British Airways when a group of hackers, allegedly Magecart, hacked the website and mobile application of British Airways, stealing information from hundreds of thousands of users.

Hackers who attacked Cathay Pacific gained access to 27 credit card numbers, but without the respective card security codes, plus another 403 credit card numbers overdue, according to reports from experts in digital forensics. The airline reports that “there is still no evidence that the customer’s personal data has been misused”, adding that the passwords of the compromised cards were not put at risk at any time.

Cathay Pacific reports that it discovered evidence of “suspicious activity” on its network last March and that it took immediate steps to contain the event and investigate it with the help of a cybersecurity firm. The airline confirmed last May that the personal data had been compromised and has since then, it’s been analyzing the data to identify the affected passengers.

Cathay Pacific shares fell by more than 5% in morning operations on the Hong Kong stock exchange, a few hours after the security breach was announced. The company has notified the authorities in Hong Kong, and has also created a website dedicated to solving questions about the incident (infosecurity.cathaypacific.com) in addition to enabling a call center to help its customers to verify the security status of their information.

The airline said the content of the information accessed by hackers varies from passenger to passenger. This information includes approximately 860k passport numbers and 245k numbers of Hong Kong identity cards.

This year, Cathay Pacific was ranked as the sixth best airline in the world by Skytrax, a London-based company that provides consultancy services for carriers and airports.

According to experts in digital forensics, the company could face legal actions for deficiencies in the protection of personal information, as was the case with British Airways. Last September, just hours after the airline security incident was revealed, a British law firm announced that it would launch a collective legal action for 500 million pounds against British Airways, calculating that each person affected by the incident could claim up to 1 250 pounds in compensation.